Overview

overview

10

Static

static

PAYMENT_SLIP.exe

windows7_x64

10

PAYMENT_SLIP.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PAYMENT_SLIP.exe

  • Size

    682KB

  • Sample

    200716-p4y1h9gjvx

  • MD5

    585b758048738f9b6c7fdccda7670e7e

  • SHA1

    62a9445cb0e972e527563c1a039f62248ebf7fcf

  • SHA256

    aacbdc4e71933d3b1315ffaf853ae20db13b8ba6442f250d8207ec1018d1ac53

  • SHA512

    ef38c90063b0bdf37613162374d2dac74a1a639def65a93eaa4663ed0bd20f3a499233e19500d48737e5a98b0b5cb1602fe83ad0415a23fc7c076c2016e2f1bc

Score
10/10
hawkeyekeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      PAYMENT_SLIP.exe

    • Size

      682KB

    • MD5

      585b758048738f9b6c7fdccda7670e7e

    • SHA1

      62a9445cb0e972e527563c1a039f62248ebf7fcf

    • SHA256

      aacbdc4e71933d3b1315ffaf853ae20db13b8ba6442f250d8207ec1018d1ac53

    • SHA512

      ef38c90063b0bdf37613162374d2dac74a1a639def65a93eaa4663ed0bd20f3a499233e19500d48737e5a98b0b5cb1602fe83ad0415a23fc7c076c2016e2f1bc

    Score
    10/10
    spywarekeyloggertrojanstealerhawkeye

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks